summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHugo SIMELIERE (Schneider Electric) <hsimeliere.opensource@witekio.com>2026-05-20 13:50:32 +0200
committerAnuj Mittal <anuj.mittal@oss.qualcomm.com>2026-05-21 09:56:15 +0530
commit59f8c396f936e99770e6876af1e68e27d696857c (patch)
tree7d466d9ae5af3397cccfbe420b4da946d5219ca2
parent7acc7441941f8af0bb78700f62e926da2bbc12c9 (diff)
downloadmeta-openembedded-59f8c396f936e99770e6876af1e68e27d696857c.tar.gz
nss: Fix CVE-2026-2781
Pick patch from [1] as 3.9X upstream mirror backport of [2] mentioned in Debian report in [3]. [1] https://github.com/nss-dev/nss/commit/870d3b013e6b39540d14e67b3db89da5a96381bf [2] https://hg-edge.mozilla.org/projects/nss/rev/245385e16fa6 [3] https://security-tracker.debian.org/tracker/CVE-2026-2781 Signed-off-by: Hugo SIMELIERE (Schneider Electric) <hsimeliere.opensource@witekio.com> Reviewed-by: Bruno VERNAY <bruno.vernay@se.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
-rw-r--r--meta-oe/recipes-support/nss/nss/CVE-2026-2781.patch36
-rw-r--r--meta-oe/recipes-support/nss/nss_3.98.bb1
2 files changed, 37 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/nss/nss/CVE-2026-2781.patch b/meta-oe/recipes-support/nss/nss/CVE-2026-2781.patch
new file mode 100644
index 0000000000..8c1798ec04
--- /dev/null
+++ b/meta-oe/recipes-support/nss/nss/CVE-2026-2781.patch
@@ -0,0 +1,36 @@
1From fc8a94cca3150a59075ae3fba82ae9758df0b187 Mon Sep 17 00:00:00 2001
2From: John Schanck <jschanck@mozilla.com>
3Date: Wed, 11 Feb 2026 17:21:49 +0000
4Subject: [PATCH] Bug 2009552 - avoid integer overflow in platform-independent
5 ghash. r=#nss-reviewers
6
7Differential Revision: https://phabricator.services.mozilla.com/D278681
8
9--HG--
10branch : NSS_3_90_BRANCH
11
12CVE: CVE-2026-2781
13Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/870d3b013e6b39540d14e67b3db89da5a96381bf]
14
15(cherry picked from commit 870d3b013e6b39540d14e67b3db89da5a96381bf)
16Signed-off-by: Hugo SIMELIERE (Schneider Electric) <hsimeliere.opensource@witekio.com>
17---
18 nss/lib/freebl/gcm.c | 2 +-
19 1 file changed, 1 insertion(+), 1 deletion(-)
20
21diff --git a/nss/lib/freebl/gcm.c b/nss/lib/freebl/gcm.c
22index 9ee7fc89b..d1410a9ad 100644
23--- a/nss/lib/freebl/gcm.c
24+++ b/nss/lib/freebl/gcm.c
25@@ -355,7 +355,7 @@ gcmHash_Update(gcmHashContext *ghash, const unsigned char *buf,
26 unsigned int blocks;
27 SECStatus rv;
28
29- ghash->cLen += (len * PR_BITS_PER_BYTE);
30+ ghash->cLen += ((uint64_t)len * PR_BITS_PER_BYTE);
31
32 /* first deal with the current buffer of data. Try to fill it out so
33 * we can hash it */
34--
352.43.0
36
diff --git a/meta-oe/recipes-support/nss/nss_3.98.bb b/meta-oe/recipes-support/nss/nss_3.98.bb
index 9218b4d30b..0937b28bd5 100644
--- a/meta-oe/recipes-support/nss/nss_3.98.bb
+++ b/meta-oe/recipes-support/nss/nss_3.98.bb
@@ -34,6 +34,7 @@ SRC_URI = "http://ftp.mozilla.org/pub/security/nss/releases/${VERSION_DIR}/src/$
34 file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \ 34 file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \
35 file://CVE-2024-6602.patch \ 35 file://CVE-2024-6602.patch \
36 file://CVE-2024-6609.patch \ 36 file://CVE-2024-6609.patch \
37 file://CVE-2026-2781.patch \
37 " 38 "
38SRC_URI[sha256sum] = "f549cc33d35c0601674bfacf7c6ad683c187595eb4125b423238d3e9aa4209ce" 39SRC_URI[sha256sum] = "f549cc33d35c0601674bfacf7c6ad683c187595eb4125b423238d3e9aa4209ce"
39 40